From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis

From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis

This paper presents the KAOS2RBAC approach for Security Requirements Engineering. Starting from functional requirements, linked to a data model, the approach first identifies high level security goals. It then refines these security goals into security requirements linked to the functional model. Fi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Ledru, Y., Richier, J., Idani, A., Labiadh, M.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Access control
Availability
Computer Science
Medical diagnostic imaging
Medical services
Regulators
Software Engineering
Unified modeling language
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This paper presents the KAOS2RBAC approach for Security Requirements Engineering. Starting from functional requirements, linked to a data model, the approach first identifies high level security goals. It then refines these security goals into security requirements linked to the functional model. Finally, these security requirements lead to the design of access control rules. An informal verification step checks that the rules give enough permission to enable all functional requirements. The approach takes benefit of the KAOS notations to link functional and non-functional goals, agents, data, and access control rules in a single requirements model. This enables traceability between security goals and the resulting access control rules. The approach is illustrated by a case study: an information system for medical urgency, taken from a real project.
DOI:10.1109/SAR-SSI.2011.5931378